-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to exclude rules by tag / pillars #1825
Labels
Comments
o-l-a-v
changed the title
Ability to exclude pillars (group of rules)
Ability to exclude rules by tag / pillars
May 23, 2024
My first workaround made PSRule throw an error: TargetSite : System.String ToJson(System.Object[], System.Nullable`1[System.Int32])
Message : Index was outside the bounds of the array.
Data : {[System.Management.Automation.Interpreter.InterpretedFrameInfo,
System.Management.Automation.Interpreter.InterpretedFrameInfo[]]}
InnerException :
HelpLink :
Source : Microsoft.PSRule.Core
HResult : -2146233080
StackTrace : at PSRule.Pipeline.Output.JsonOutputWriter.ToJson(Object[] o, Nullable`1 jsonIndent) in
/_/src/PSRule/Pipeline/Output/JsonOutputWriter.cs:line 25
at PSRule.Pipeline.Output.JsonOutputWriter.Serialize(Object[] o) in
/_/src/PSRule/Pipeline/Output/JsonOutputWriter.cs:line 20
at PSRule.Pipeline.SerializationOutputWriter`1.End() in /_/src/PSRule/Pipeline/PipelineWriter.cs:line 432
at PSRule.Pipeline.InvokeRulePipeline.End() in /_/src/PSRule/Pipeline/InvokeRulePipeline.cs:line 98
at CallSite.Target(Closure, CallSite, Object)
at System.Management.Automation.Interpreter.DynamicInstruction`2.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) So I'll do this instead: ## Get all available rules and find the ones to exclude
$PSRuleRulesAvailable = [array](Get-PSRule -Module 'PSRule.Rules.Azure')
$PSRuleRulesExclude = [string[]](
$PSRuleRulesAvailable.Where{
$_.'Tags'.'Azure.WAF/pillar' -eq 'Reliability' -or
$_.'Info'.'Annotations'.'severity' -eq 'Awareness'
}.'Name' | Sort-Object
)
## Run PSRule
$PSRuleScan = [PSCustomObject[]](
Invoke-PSRule -InputPath $FilePath -Module 'PSRule.Rules.Azure' -Outcome 'Fail','Error' -OutputFormat 'Json' -Option @{
'AZURE_BICEP_CHECK_TOOL' = [bool] $true
'AZURE_BICEP_FILE_EXPANSION' = [bool] $true
'AZURE_BICEP_FILE_EXPANSION_TIMEOUT' = [uint16] 30
'AZURE_BICEP_PARAMS_FILE_EXPANSION' = [bool] $true
} | ConvertFrom-Json | Where-Object -FilterScript {$_.'ruleName' -notin $PSRuleRulesExclude} | Sort-Object -Property 'ruleName'
) |
@o-l-a-v Thanks for the suggestion. Another approach would be to define a custom baseline. ---
# Synopsis: A custom baseline without reliability
apiVersion: github.com/microsoft/PSRule/v1
kind: Baseline
metadata:
name: MyBaseline
spec:
rule:
tag:
release: GA
Azure.WAF/pillar: [ 'Security', 'Cost Optimization', 'Performance Efficiency', 'Operational Excellence' ] You can use the See: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Is your feature request related to a problem? Please describe.
I'd like the ability to exclude pillars / group of rules by category. Take PSRule.Rules.Azure for instance, where I'd like to exclude all rules in the pillar "reliability".
Example rule in this pillar / category:
Seems it has tag
'Azure.WAF/pillar' = 'Reliability'
.Describe the solution you'd like
The ability to exclude a group of rules based on pillar / category.
Describe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: